Largest Data Breaches So Far In 2017

It seems like every time you turn on the news, there’s another story about a data breach that affects thousands or even millions of innocent consumers. Businesses of all sizes and across all industries can be affected by data breaches if they don’t properly manage their IT assets from the time they are acquired all the way to their disposal. Take a look at some of the biggest data breaches that have occurred this year:

InterContinental Hotel Group

In February, the InterContinental Hotel Group (IHG) admitted that their payment systems were targeted by cyberattackers. The data breach was not discovered until affected customers began to report unauthorized charges on the credit cards that they used at IHG-owned hotels. In response to the reports, IHG hired third-party cybersecurity firms to examine their payment systems to determine if there were any issues. The third-party firms were able to identify malware that had been installed on servers of various hotels and restaurants owned by IHG. This malware allowed hackers to gain access to IHG customers’ credit card information, including their names, account numbers, expiration dates, and security codes. Although the company initially reported that the data breach was limited to only 12 of their properties, they announced months later that it had actually affected 1,200 properties.

IRS Data Retrieval Tool

Just a few months later, the Internal Revenue Service (IRS) revealed that personal information of over 100,000 taxpayers may have been stolen in a massive data breach. The attack targeted the IRS Data Retrieval Tool, which is used by students who are completing the Free Application for Federal Student Aid (FAFSA) form. Applicants are required to fill out their tax information on this form, and the IRS Data Retrieval Tool makes it easier by pulling the information for them. The hackers used the stolen information to successfully file nearly 8,000 fraudulent tax returns and collect over $30 million in returns. Another 52,000 returns were filed but were stopped before checks were issued.

Bronx Lebanon Hospital Center

Patients’ medical records are protected by the Health Insurance Portability and Accountability Act (HIPAA), but unfortunately, even this confidential data can be breached. Medical records for thousands of patients were exposed in a breach caused by a misconfigured server hosted by a third-party vendor, iHealth. At the time of the incident, the hospital estimated that 7,000 patients were affected by the breach. Information including patients’ names, addresses, religious affiliations, history of medical conditions, HIV statuses, and domestic violence reports was leaked as a result of this breach.


OneLogin

OneLogin is a service that allows consumers to manage all of their login credentials for multiple sites in one location, thus eliminating the need to remember dozens of unique usernames and passwords. In May of this year, the company notified users that they had reason to believe that someone had gained access to the company’s sensitive data. OneLogin immediately began to work with third-party cybersecurity firms to investigate the nature of the hack. They discovered that the attack began at 2 a.m. on May 31st, and was successfully shut down seven hours later. However, seven hours was more than enough time for the cyberattackers to decrypt encrypted data and steal confidential customer information. The exact number of people who have been affected has not been released by OneLogin; however, a breach of this nature is extremely concerning due to the amount of information that OneLogin stores for customers.

“A Business A Day”

A hacker that goes by the name “TheDarkOverlord” began stealing confidential patient information from medical organizations across the country earlier this year in a plot that he referred to as “A Business A Day.” The hacker typically gains access to a medical clinic’s information, then holds it ransom and demands compensation from the business. If the business does not pay the ransom, TheDarkOverlord sells the information on the dark web, thus leaving thousands of patients vulnerable to identity theft. Some of the medical practices that have been affected so far include La Quinta Center for Cosmetic Dentistry, Tampa Bay Surgery Center, Indiana Cancer Agency, and OC Gastrocare.

America’s JobLink

America’s JobLink is an online service that helps job seekers connect with potential employers. In March of this year, the company announced that a hacker was able to gain access to personal identifying information for 4.8 million users, including their Social Security numbers, birth dates, and legal names.

Washington State University

A storage unit owned by Washington State University was burglarized earlier this year. Normally, this wouldn’t be a cause for concern. However, inside this storage unit was an 85-pound safe that contained a hard drive with personal information for millions of people. Social Security numbers along with other personally identifiable information were included on the hard drive. The university says the hard drive also contained health records for some individuals. The hard drive was part of a research study that the school conducted on behalf of school districts and government agencies in Washington and Idaho. It is unclear whether the burglars were able to get into the safe, and if so, whether they then gained access to the data. Washington State University notified the affected individuals immediately after they realized the safe was stolen and offered each individual one year of free credit monitoring.

These examples prove how important it is for companies to protect their data at all costs. A data breach can occur at any time, but IT assets are especially vulnerable during their disposal. To protect your customers’ information and your business’s confidential data, choose ERI to handle your IT asset disposition. For more information on how we destroy your data, or to request a quote for your company, contact us today.